
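# wireguard-example.conf - wg-quick(8) template for the VDS end of the
# IPv6 iBGP WireGuard link (interface wg1). Read by `wg-quick up wg1`;
# both wg-quick and wg(8) treat `#` to end of line as a comment.
# Fill in before use: the server PrivateKey below and every <ExternalIP>
# in the PreUp/PostDown hooks (the VDS's public IPv4 address).
# The server PublicKey (`wg pubkey < private.key`) is what the peer puts in
# its own [Peer] section; it is not stored in this file.
# Hooks use -A/-D, so a failed `up` that never reaches PostDown leaves its
# rules in place and the next `up` appends them a second time; inspect with
# `iptables -t nat -S PREROUTING` and `ip6tables -S FORWARD` if in doubt.
[Interface]
# Server private key (`wg genkey`). Keep this file owner-readable only;
# wg-quick warns when the config is world accessible.
PrivateKey =
# Local Interface addresses: IPv6 /64 for the iBGP session, IPv4 /30 for the
# port-forwarded traffic (the peer is 172.23.10.2).
Address = 2a12:bec0:210:2::1/64,172.23.10.1/30
ListenPort = 51819
# MTU supported on a standard GPON network
MTU = 1430
# IPv4 port forwarding: every TCP/UDP port 1-65000 on the external IP is
# DNATed to the peer's tunnel address, so every listener on the peer becomes
# reachable from the Internet; narrow --dport to the services actually needed
# where possible. Ports above 65000 stay with the VDS itself.
# That range covers WireGuard's own ListenPort 51819, so it is exempted first
# (ACCEPT in the nat table ends NAT matching for that flow); without this a
# peer whose Endpoint is <ExternalIP>:51819 has its handshakes forwarded away
# from the local socket and the tunnel never comes up. Harmless when the peer
# connects over IPv6 instead.
# NOTE(review): IPv4 forwarding for the DNATed flows (net.ipv4.ip_forward and
# any iptables FORWARD policy) is not configured here - confirm it is handled
# elsewhere, as only the IPv6 FORWARD chain gets explicit rules below.
PreUp = iptables -t nat -A PREROUTING -d <ExternalIP> -p udp --dport 51819 -j ACCEPT
# Forward all TCP ports on external IP to Peers Address
PreUp = iptables -t nat -A PREROUTING -d <ExternalIP> -p tcp --dport 1:65000 -j DNAT --to-destination 172.23.10.2
# Forward all UDP ports on external IP to Peers Address
PreUp = iptables -t nat -A PREROUTING -d <ExternalIP> -p udp --dport 1:65000 -j DNAT --to-destination 172.23.10.2
# Add SNAT (source NAT) rule for outgoing traffic from the /30 (masks to 172.23.10.0/30)
PreUp = iptables -t nat -A POSTROUTING -s 172.23.10.2/30 -j SNAT --to-source <ExternalIP>
# Allow BGP'd IPv6 traffic between wg1 and the uplink, the other tunnels and
# nat64. Rules are needed in both directions; presumably the ip6tables FORWARD
# policy is DROP - confirm. wg6-wg8 are not listed; verify that is intended.
PreUp = ip6tables -A FORWARD -i ens18 -o wg1 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o ens18 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o wg2 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o wg3 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o wg4 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o wg5 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o wg9 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o wg10 -j ACCEPT
PreUp = ip6tables -A FORWARD -i wg1 -o nat64 -j ACCEPT
PreUp = ip6tables -A FORWARD -i nat64 -o wg1 -j ACCEPT
# Same as above but removing rules (each -D removes one matching instance)
PostDown = ip6tables -D FORWARD -i nat64 -o wg1 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o nat64 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o wg2 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o wg3 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o wg4 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o wg5 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o wg9 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o wg10 -j ACCEPT
PostDown = ip6tables -D FORWARD -i ens18 -o wg1 -j ACCEPT
PostDown = ip6tables -D FORWARD -i wg1 -o ens18 -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -d <ExternalIP> -p tcp --dport 1:65000 -j DNAT --to-destination 172.23.10.2
PostDown = iptables -t nat -D PREROUTING -d <ExternalIP> -p udp --dport 1:65000 -j DNAT --to-destination 172.23.10.2
PostDown = iptables -t nat -D PREROUTING -d <ExternalIP> -p udp --dport 51819 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 172.23.10.2/30 -j SNAT --to-source <ExternalIP>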
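[Peer]
# The remote end of the iBGP link. Its public key comes from the peer's own
# `wg pubkey`. No Endpoint is set on this side, so the peer must initiate the
# connection to this VDS (port 51819); add PersistentKeepalive on the peer if
# it sits behind NAT.
PublicKey =
# Cryptokey routing for this peer: the link /64 (wg masks host bits, so
# ::2/64 is stored as 2a12:bec0:210:2::/64 and .2/30 as 172.23.10.0/30),
# the peer's 2a12:bec0:214::/48 - presumably the prefix carried over iBGP,
# confirm - and the IPv4 /30 used by the DNAT/SNAT forwarding in [Interface].
AllowedIPs = 2a12:bec0:210:2::2/64,2a12:bec0:214::/48,172.23.10.2/30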